Does a Lawyer Have a Duty to Replace Hacked Funds?
Lawyers of the digital age already have an array of ethical dilemmas to worry about. But now there's a new ethics question: Do lawyers have a duty to replace hacked funds?
In the opinion of the North Carolina State Bar, the answer is maybe. But in reality, it just gets back to every lawyer's favorite word: "reasonable."
North Carolinian Ethics
North Carolina's Bar's ethics committee concluded Oct. 23 that so long as a lawyer takes reasonable security measures to safeguard their computer network, they are not ethically obligated to replace funds that are lost when an invader hacks into a trust account and absconds with the funds, Bloomberg reports. This answers a question that had been on the minds of attorneys in the region.
Well, That Sounds Reasonable
North Carolina's "reasonable measures" language should not come as any surprise to a practitioner. The committee didn't break any new grounds, but simply highlighted and underscored the well settled doctrine of negligence. If a lawyer could have foreseen that a hack would lead to lost client funds, then he is on the hook.
Moving Goalposts of Reasonableness
What's nice about reasonableness is that it never changes. The only thing that changes are the steps needed to stay reasonable. That's where the trouble begins. Within a single generation, the legal industry went from taking a rather lax attitude with regards to client asset security to being ultra-paranoid.
Ten years ago, hacks were considered ultra-exotic and just beyond foreseeable. However, the landscape has changed to the point that the besieged are not even aware of the size of their castle. The technicalities behind cybersecurity are so complex many lawyers opted for law school to escape technical jargon. The holes in the system are the points of invasion for hackers.
A lawyer's best defense is another hacker -- or at least a consultant whose expertise is network defense. With hacks making headlines almost every week, courts are bound to conclude that such attacks are more foreseeable than ever before. Today's lawyers have no choice but to confront technology security. There's no place to hide anymore.
Related Resources:
- Why Your Law Firm's Data Might Not be as Secure as You Think (IRIS eDiscovery)
- Cybersecurity 101: Best Practices Your Firm Should Implement(FindLaw's Strategist)
- In-House Attorneys Panic Over Cyberattacks and Damage Control (FindLaw's In-House)
- CFTC: Adopt New Security Measures, Or Else? (FindLaw's In-House)